Hackers Set Fire To An Iranian Steelworks

It's extremely rare for hackers, who operate in the digital world, to cause damage in the physical world, but a cyber attack on a steel maker in Iran is being seen as a significant event.

The attack caused "massive damage" to a steel factory, causing an emergency shutdown.

A hacking group calling itself 'Predatory Sparrow' has claimed responsibility for the attack, which it said caused a serious fire and has subsequently released a video to back up its story. 

The video appears to be CCTV footage of the incident, showing factory workers leaving part of the plant before a machine starts spewing molten steel and fire. The video ends with people pouring water on the fire with hoses. In another video that surfaced online, factory staff can be heard shouting for firefighters to be called and describing damage to the equipment. 

Now, security experts are asking who is behind 'Predatory Sparrow' which some say is state-sponsored military hacking group. Its name, a play on the name of the Iranian cyber warfare group, Charming Kitten, could be a clue suggesting that it's a country with a strong interest in Iran. Also known by its Persian name, 'Gonjeshke Darande' the group say this was one of three attacks it carried out against Iranian steel makers in June, in response to unspecified acts of "aggression" carried out by the Islamic Republic.

The group has also started sharing gigabytes of data it claims to have stolen from the companies, including confidential emails. On its Telegram page Predatory Sparrow posted: "These companies are subject to international sanctions and continue their operations despite the restrictions. These cyber attacks, being carried out carefully to protect innocent individuals." That last sentence has attracted considerable attention as, from their public claim, the hackers knew that they were putting lives in danger and were careful to make sure the factory was empty before launching their attack. 

This has led many to wonder whether Predatory Sparrow is a professional and tightly regulated team of state-sponsored military hackers, who may even be obliged to carry out risk assessments before they launch an operation.

"They claim themselves to be a group of hacktivists, but given their sophistication, and their high impact, we believe that the group is either operated, or sponsored by, a nation state," says Itay Cohen, head of cyber research at Check Point Software.

Iran has been the victim of a spate of recent cyber-attacks that have had an impact in the real world but nothing as serious as this since the 2010 Stuxnet attack on Iran's uranium enrichment facilities. Stuxnet was a computer virus that damaged or destroyed centrifuges at Iran's uranium enrichment facility in Natanz, hampering its nuclear programme. The attack has been widely attributed to Israel and US military hackers working in combination, although this has never been officially confirmed.  

Since Stuxnet, there have been very few confirmed cases of physical damage and nation-state cyber attacks of this kind are more commonly designed to cause disruption, without causing real physical damage. That may now be about to change.

If Predatory Sparrow is a state-sponsored military hacking group, which country does it represent? According to Israeli media reports, Defence Minister Benny Gantz has ordered an investigation into leaks that led to Israeli journalists heavily hinting that Israel is behind the hack. The minister is possibly concerned that Israel's "ambiguity policy" on its operations against Iran might have been broken.

In October last year Predatory Sparrow claimed responsibility for taking Iran's national fuel station payment system offline. The group also said it had been behind a hack that hijacked digital billboards on roads, making them display a message saying, "Khamenei, where is our fuel?" - a reference to the country's supreme leader, Ayatollah Ali Khamenei. In both cases, the hackers showed a degree of responsibility by warning Iran's emergency services in advance about the potential chaos that could result.

Check Point researchers say they have also found code in the malicious software used by Predatory Sparrow that matches code used by another group, called Indra, that is thought to have hacked Iranian train station displays in 2021. The steel factory attack, however, is a sign that the stakes are getting higher.

IQStock:    HeadTopics:     BBC:     Yahoo:        Shout Radio:    Userwalls:     Nation World News:  

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:

 

« Migrating to the Cloud: Security Risks and Concerns
Millions Of Canadian Households & Businesses Offline »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

Verlingue

Verlingue

Verlingue (formerly ICB Group) is a leading corporate insurance broker providing Insurance, Risk Management and related advice to businesses and private clients.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Steganos

Steganos

Steganos offers highly secure and easy to use software tools that protect and secure on and offline data.

Seqrite

Seqrite

Seqrite offers a highly advanced range of enterprise and IT security solutions to protect your organization's most critical data.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Contextual Security Solutions

Contextual Security Solutions

Contextual Security Solutions is a leading provider of penetration testing services and IT security & compliance audits.

Entara

Entara

Entara (formerly YJT Solutions) is an eXtended Service Provider (XSP) focused on providing cutting edge technology and cyber security solutions to companies in regulated industries.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Avetta

Avetta

Avetta One is the industry’s largest Supply Chain Risk Management (SCRM) platform. It enables clients to manage supply chain risks and suppliers to prove the value of their business.

Polygraph

Polygraph

Polygraph monitors the activities of click fraud gangs, including how they operate, who they target, the techniques they use, and how to detect their fraud.

Vaultinum

Vaultinum

Vaultinum are a trusted independent third party specialized in the protection and audit of digital assets.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.